SWIFT Confirms New Cyber Thefts, Hacking Tactics (reuters.com) 11
Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February's heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide. From a report on Reuters: The messaging network in a Nov. 2 letter seen by Reuters warned banks of the escalating threat to their systems, according to the SWIFT letter. The attacks and new hacking tactics underscore the continuing vulnerability of the SWIFT messaging network, which handles trillions of dollars in fund transfers daily. "The threat is very persistent, adaptive and sophisticated -- and it is here to stay," SWIFT said in the November letter to client banks, seen by Reuters. The disclosures provide fresh evidence that SWIFT remains at risk of attacks nearly a year after funds were stolen from a Bangladesh Bank account at the Federal Reserve Bank of New York. The unprecedented cyber theft prompted regulators around the globe to tighten bank security requirements, amidst a global investigation by the FBI, Bangladesh authorities and Interpol.
Continuing vulnerability of the Microsoft windows (Score:4, Informative)
As the Bangladeshi hack revealed, SWIFT isn't vulnerable. What was hacked was the underlying Windows interface that allowed remote transactions and disabling of the Oracle database confirmation messages. The hack consisted of altering two bytes [archive.is] in a running Windows process [blogspot.co.uk].
Re: (Score:2)
Re: (Score:2)
As the Bangladeshi hack revealed, SWIFT isn't vulnerable. What was hacked was the underlying Windows interface that allowed remote transactions and disabling of the Oracle database confirmation messages. The hack consisted of altering two bytes [archive.is] in a running Windows process [blogspot.co.uk].
That's a question of semantics, my friend. If an application runs on Windows and the underlying Windows is indeed vulnerable, then the application on top is vulnerable too. Maybe something really important like large money transfers shouldn't be running on Windows, but I can't say I'm surprised. I've got an IT support job that occasionally requires me to get with customer IT departments and a significant amount of our customers are still Windows only shops and they honestly don't know how to work with a
Re: (Score:1)
It was a couple of years since I worked with SWIFT but at that time their software stack ran on AIX and Windows with a beta on RHEL. The end-point security was mostly up to the customer (in this case, the Bangladesh central bank) and the responsibility would be theirs if their end was compromised.
My experience from the banking industry is that the security of the system is mostly based on being disconnected from the rest of the world and running on a closed of network. The actual software stacks are often o
And I continue to be glad. . . (Score:3)
. . . . that I was NOT hired by SWIFT, ~18 months ago. The atmosphere was almost clubby, and when I saw a few fairly obvious problems during the interview and tour, was told not to worry about it.
I'm guessing, that I would have found MUCH more, had I been hired. And based on the attitude, would have been told not to worry about THOSE, either.
Dodged a bullet, methinks. . .
Learning Go (Score:2)
I've been wasting my time learning Go. I should be learning SWIFT!